Intune Deployment at UHN Frequently Asked Questions Updated: December 2017

Overview

This document has been prepared to answer frequently asked questions regarding the application, Intune, and its deployment at UHN. Key questions have been organized into the following categories:

A. What is Intune and why should I download it? B. Will UHN Digital have access to my private data on my personal ? C. Will UHN Digital have the ability to wipe my data remotely, and how? D. How can I confirm my devices are on Intune? E. What if I already have a Mobile Device Management (MDM) program on my phone, such as SecureHub, AirWatch or GOOD? F. Are we charging staff for signing up for Intune? G. Intune Setup & Configuration Questions H. Who can I contact if I have more questions about Intune?

1

A. What is Intune and why should I download it?

1. What is Intune?

Microsoft Intune is a cloud-based tool, which can be downloaded onto a mobile device for enhanced data protection. This enables a feature called Mobile Device Management (MDM), which gives UHN employees access to your UHN data on a secure platform and protects corporate and patient-related information.

Intune also provides seamless access to Microsoft applications like the Outlook , for Business and Office tools, including Word or PowerPoint.

2. Why is UHN introducing Intune at this time?

To further enrich your email experience and ensure digital security at UHN, we are now deploying Intune to any staff accessing email on their mobile device using non-secure methods.

A number of users have been identified over the last few months as accessing their UHN email using a non- compliant method. We are now working towards eliminating this security risk, while optimizing mobile integration to our existing Office 365 platform.

3. Am I required to download Intune?

UHN staff members who require Intune have already been contacted by UHN Digital via email. These contacted users are currently accessing their UHN email using the Outlook Mobile App, a default Mail app, or any other similar email apps on their personal mobile device.

If you have been contacted by UHN Digital, you must install and enroll onto Intune in order to continue viewing UHN email on a personal device. Without Intune or another MDM platform, your access to your UHN email is not secure and you are at risk of exposing UHN corporate or patient information. It only takes one breach to compromise our UHN network and therefore compromise our patient, employee and research information.

If you do not wish to download Intune, you can remove all access to UHN email on your phone, and use UHN Webmail through your phone’s browser application, which now has a user-friendly Office 365 interface.

4. What is the deadline for Intune enrollment?

On November 30th, 2017, all non-compliant email access from a mobile device will stop syncing automatically. This means you will stop receiving new emails until you download or enroll your device on Intune or another MDM program.

5. I used to have access to UHN email, but lost this access after November 30th. What can I do to regain access?

To ensure you have access to your emails from your mobile device after November 30th, you must ensure you have enrolled onto Intune. You will have received emails from UHN Digital, which include enrollment instructions. For more information, please contact [email protected].

2

6. I didn’t receive an email about Intune from UHN Digital. Can I download Intune on my personal device?

At this time, only the staff who have received a non-compliance message from UHN Digital will be enabled for Intune enrollment. In the coming months, we will be introducing Intune to all staff with a broader deployment approach.

B. Will UHN Digital have access to my private data on my personal mobile device?

Through Intune, UHN Digital will have limited access to your device-specific data, but not to your personal data or phone activity.

The UHN Digital IT administrators cannot see on your device: • Call and web history • Location • Email and text messages • Contacts • Passwords • Calendar • Camera or Images

The UHN Digital IT administrators can see on your device: • Phone Model and Device Name • Serial Number • Operating System • App names • Owner

C. Will UHN Digital have the ability to wipe my data remotely, and how?

Two different actions can be performed through a remote wipe.

1. Complete wipe:

All the data including personal data and pictures on the device will be deleted, and the device is returned to its original factory setting. This means UHN Digital will do a complete wipe of your device remotely under the following circumstances:  When you report your device as lost and/or stolen to UHN Digital.  When you report that someone has gained unauthorized access to your device.  When you cannot remember your device password.  When you request that UHN perform a complete wipe of your device.

2. Selective wipe:

Only UHN Corporate Data will be removed from the device. Any other data or applications on the device will not be deleted. UHN will do a selective wipe of your device remotely under the following circumstances:  When you root/jailbreak your device

3

 When you remove/alter the policy setting of your device that no longer meet the requirement of this program  When you un-enroll from this program (e.g., you no longer work at UHN)  When you request that UHN perform a selective wipe of your device

D. How can I confirm my devices are on Intune?

When you download Intune, you will also be prompted to install the Microsoft Company Portal (Comp Portal). This allows you to monitor which devices your email is logged into.

Select the Comp Portal app and check under My Devices to see which devices currently have your email accessible. You will notice a checkmark next to the devices, which are compliant with UHN’s privacy and security policies (i.e., currently have Intune or an MDM program on the device).

See below for screenshots for the Comp Portal app:

E. What if I already have a Mobile Device Management (MDM) program on my phone?

1. If I already have a Mobile Device Management (MDM) program on my phone, from UHN or any other hospital, is there any action required from me.

At this time, you can choose to continue using your current MDM platform as is and you are not required to download Intune. However, please note that your MDM device should not have any other access to UHN email using other applications outside of MDM (i.e., default mail app). Otherwise, you will continue to be our non- compliance report.

To ensure your MDM device is compliant with UHN’s privacy and security policies, you must be sure to complete the following:

4

 Uninstall the Outlook Mobile App from devices on MDM  Uninstall or remove your UHN account from any other app connected to UHN email (e.g. Your device’s default mail app, BlueMail, TypeApp, etc.)

2. Can I have both MDM (XenMobile, AirWatch, and GOOD) and Intune on my mobile device at the same time?

Two MDM platforms cannot coexist on one mobile device at the same time. For example, if you already have XenMobile installed on your phone, and then you install Intune, by default your XenMobile platform and all associated apps will be removed automatically.

If this occurs in error, please contact [email protected].

3. I have MDM (XenMobile, AirWatch or GOOD) on my mobile device today, but I want to enroll onto Intune instead. What do I do?

If your department is paying for your current MDM costs (e.g. $25/month for XenMobile or SecureHub), it is recommended that you discuss this matter with your manager first.

If you are paying out of pocket for monthly MDM fees and want to cancel and enroll onto Intune, please consider the following:  You will continue to have access to your Outlook Mobile app  You will have access to apps such as MS Word, Excel, PowerPoint  You will not have access Citrix apps that were available through SecureHub, such as EPR or VIP

If you use the EPR or VIP mobile apps through SecureHub, it is recommended that you continue to use your existing MDM platform at this time.

If you require further information prior to deciding, please contact UHN Digital at [email protected].

F. Are we charging staff for signing up for Intune? Currently, the overall costs for Intune are included in UHN’s current Office 365 license fee, managed by UHN Digital entirely. At this time, Digital is not introducing any charge for enrolling onto Intune, as our teams focus is on strengthening UHN’s mobile security and closing any security gaps.

Moving forward, we intend to replace existing MDM solutions with Intune and this may result in a new cost structure. Any new information regarding this cost structure will be shared with all staff in the coming months.

5

G. Intune Setup and Configuration Questions

1. What devices does Intune support?

Intune supports most , iOS, Android, and Mac OS X devices. However, Intune does not support BlackBerry devices or OS devices, unless the device has an Android operating system.

If you are unsure of your Blackberry’s operating system, please contact UHN Digital at [email protected] or your local help desk for more information.

2. Can I enroll more than one device onto Intune?

Yes, you can enroll up to 10 devices onto Intune.

3. Am I required to download the Microsoft’s other mobile applications (ex. Word, PowerPoint mobile apps, etc?)

For iOS devices, these additional apps are available if you wish to edit the files through your device. If you wish to only preview files through your Outlook Mobile App, the Microsoft apps are not required.

For Android devices, the Microsoft mobile apps are required as part of your Intune installation. This will allow you to view attachments through your Outlook Mobile App, and edit the files on the go.

4. What is the Focused inbox in my Outlook Mobile App, and can I turn it off?

In your Outlook Mobile App, you’ll notice that your inboxes are separated into two tabs – Focused and Other. Your most important emails, from UHN colleagues or known contacts, are on the Focused tab.

The other emails not directly addressed to you, such as email newsletters or out of office alerts, remain easily accessible—but out of the way—on the Other tab.

If you wish to turn off the Focused Inbox feature, please follow the steps below.

For iOS devices:

1. Access your settings by selecting the icon on the top left corner of your application and then select the gear icon .

2. Ensure the Focused Inbox option is turned off.

6

For Android Devices:

1. Select the three dots along the top right corner of your application and then click Settings.

2. Ensure the Focused Inbox option is turned off.

5. How do I sync my Outlook contacts to my device?

For iOS devices: 1. Access your settings by selecting the icon on the top left corner of your application and then select the gear icon .

2. Select your email account ([email protected]).

3. Turn on the Save Contacts option.

For Android Devices:

1. Select the three dots along the top right corner of your application and then click Settings.

2. Select your email account ([email protected]).

3. Turn on the Sync Contacts option.

H. Who can I contact if I have more questions about Intune?

For more information on Intune and its deployment at UHN, please contact UHN Digital at [email protected].

7